mon: check 'nonce' validity for cidr ranges

Signed-off-by: Greg Farnum <[email protected]>
mitsu-ko · Apr 13, 2022 · 5c903e5 · 5c903e5
1 parent 4b08448
commit 5c903e5
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
@@ -12710,6 +12710,12 @@ bool OSDMonitor::prepare_command_impl(MonOpRequestRef op,
 	if (err) {
 	  goto reply;
 	}
+	if ((addr.is_ipv4() && addr.get_nonce() > 32) ||
+	    (addr.is_ipv6() && addr.get_nonce() > 128)) {
+	  ss << "Too many bits in range for that protocol!";
+	  err = -EINVAL;
+	  goto reply;
+	}
       } else {
 	if (osdmap.require_osd_release >= ceph_release_t::nautilus) {
 	  // always blocklist type ANY